permafrost-engine
[Security] SDL2 used in this project is vulnerable
CVE-2021-33657 is a security vulnerability in SDL2, which is used in this project. The root cause of this CVE is that map, which is allocated in Map1toN() or Map1to1, isn't always created as a full 256-entry map. A BMP image can cause a heap buffer overflow in Blit1to3() when the pixel value in pixel array src is equal to or larger than the number of colors stored in map.
You can easily fix this vulnerability by applying this patch.
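
The following is an added illustration, not code from the issue, from SDL2, or from permafrost-engine: a simplified model of an 8-bit to 24-bit palette lookup in which the map always has 256 entries, so a source pixel at or above the palette's color count reads a zeroed entry instead of memory past the allocation. The names `build_map`, `blit_1to3`, `count_out_of_palette` and `demo_dst_byte`, and the sample palette and pixels, are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MAP_ENTRIES 256 /* one entry per possible 8-bit source pixel value */

/* Build a 3-bytes-per-entry lookup table (hypothetical helper). Always 256
 * zeroed entries, so no 8-bit pixel value can index past the allocation. */
static uint8_t *build_map(const uint8_t *rgb, int ncolors)
{
    if (rgb == NULL || ncolors < 0 || ncolors > MAP_ENTRIES)
        return NULL;
    uint8_t *map = calloc(MAP_ENTRIES, 3);
    if (map != NULL)
        memcpy(map, rgb, (size_t)ncolors * 3);
    return map;
}

/* Simplified 8-bit to 24-bit copy: each source byte selects one map entry. */
static void blit_1to3(const uint8_t *src, size_t n, const uint8_t *map, uint8_t *dst)
{
    for (size_t i = 0; i < n; i++)
        memcpy(dst + i * 3, map + (size_t)src[i] * 3, 3);
}

/* Count pixels that would index past a map holding only ncolors entries. */
static size_t count_out_of_palette(const uint8_t *src, size_t n, int ncolors)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += (src[i] >= ncolors);
    return bad;
}

/* Constructed sample: 2-color palette, 4 pixels, two of them out of range. */
static const uint8_t PALETTE[6] = { 255, 0, 0, 0, 255, 0 };
static const uint8_t PIXELS[4] = { 0, 1, 2, 200 };

/* Blit the sample through the full map; return output byte i, or -1 on error. */
static int demo_dst_byte(size_t i)
{
    uint8_t dst[sizeof PIXELS * 3];
    uint8_t *map = build_map(PALETTE, 2);
    if (map == NULL || i >= sizeof dst) {
        free(map);
        return -1;
    }
    blit_1to3(PIXELS, sizeof PIXELS, map, dst);
    free(map);
    return dst[i];
}
```

With a map sized from the 2-color palette alone, the pixels with values 2 and 200 would index beyond the 6-byte buffer; `count_out_of_palette` reports how many such pixels an image contains.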